Domain 1 – Security and Risk Management/Security Concepts
- In your own words, describe what is meant by “defense-in-depth” in security design. Give an example of a combination of security controls that you have seen implemented that shows how combining security factors improves the overall security.
- The CIA triad is a common way of describing how confidentiality, integrity and availability concerns form the pillars of information security. Give an example from your experience, or from a technical article you have read, that describes methods of improving the security of information in each area of the CIA triad.
- Describe the administrative management practices of separation of duties, job rotation, and mandatory vacations, and their role within operations security.
- Explain the differences between Patents, Copyrights, and Trademarks in terms of idea, expression, and symbol.
- Describe intellectual property laws. What clauses should a termination policy contain to prevent disclosure of an organization’s information?
- Describe the differences between qualitative and quantitative risk management methods.
- What are the steps in the business continuity planning process? Why is a clear understanding of a company’s enterprise architecture critical to this process?
- Describe the steps in a Business Impact Analysis (BIA). What different loss criteria types can be associated with threats identified during the Business Impact Analysis process?